Kelly Benefits Data Breach Update: Now 488K People Affected

June 3, 2025 update: Another amended disclosure increased the number of people affected from 413,032 to 488,139.

An April 22, 2025 amended data breach disclosure with the Maine Attorney General increases the number of people affected to 263,893 from 32,234 and again on May 1, 2025 increasing the number to 413,032 from 263,893. The Vermont Attorney General's office was notified on June 5, 2025.

On March 3, 2025, Kelly & Associates Insurance Group, Inc. (also known as Kelly Benefits) discovered a significant data breach affecting the personal and health information of 413,032 individuals across the United States. The company, a leading employee benefits consulting and insurance firm, reported that the breach exposed a wide range of sensitive data, including names, Social Security numbers, tax ID numbers, dates of birth, financial account information, medical information, and health insurance details. Both personally identifiable information (PII) and protected health information (PHI) were involved.

The impact of the breach varies by state. In Maine, 7,164 residents were affected; in Massachusetts, 158; in South Carolina, 197; and in New Hampshire, 15. The company began notifying affected individuals by written notice starting April 9, 2025, with additional notifications sent by April 21, 2025.

The Vermont Attorney General's office was notified on June 5, 2025.

At this time, the specific method of the breach and the identity of those responsible have not been disclosed. However, the scope of the incident and the types of data involved make this a severe breach, as it includes both financial and health-related information.

Information exposed: names, Social Security numbers, tax ID numbers, dates of birth, financial account information, medical information, and health insurance information.

Kelly & Associates Insurance Group, Inc.'s response

After discovering the breach, Kelly Benefits took steps to investigate and contain the incident. The company notified the appropriate authorities in multiple states and at the federal level, demonstrating compliance with data breach notification laws.

Detailed information about the breach and resources for affected individuals have been made available on the Kelly Benefits data event page.

If you believe you may have been affected, it is important to remain vigilant. Consider taking the following steps:

• Review any correspondence from Kelly Benefits for instructions or resources offered to you.
• Monitor your financial accounts and credit reports for any unauthorized activity.
• Consider placing a fraud alert or credit freeze on your credit file with the major credit bureaus.
• Watch for suspicious emails, phone calls, or mail that could indicate identity theft attempts.

Kelly Benefits has provided written notice to affected individuals and is likely offering additional support, such as credit monitoring or identity protection services, as is common in breaches of this nature. For more information, you can review the official notice to the California Attorney General, notice to the Maine Attorney General, notice to the Massachusetts Attorney General, notice to the South Carolina Attorney General, notice to the New Hampshire Attorney General, notice to the Vermont Attorney General and notice to the U.S. Department of Health and Human Services.